Netfilter: mangle vs. filter
Hi, I'm working on a bridging firewall that sees a lot of traffic, and I'm using netfilter/iptables.
I need efficiency in my rules, and so far I have been putting a significant amount of filtering (dropping unused IPs, bad packets, etc.) into the mangle table to keep processing down. My question is this: Is it acceptable (and safe) to do some filtering in the mangle table, or should that all happen in the filter section? Is it OK to move some of this into the raw table (since it occurs before connection tracking)? So far I haven't run into problems, but this will be going into production soon. Feedback is awesome.
Thanks,
zerg4141
The last time I checked, you were discouraged from using the mangle table for filtering.
Moved to Networking for more adequate exposure.